addressed comments

jrobertboos · jrobertboos · commit ca13e57b720b · 2026-03-27T15:22:59.000-04:00
diff --git a/tests/e2e/features/environment.py b/tests/e2e/features/environment.py
@@ -504,14 +504,6 @@ def before_feature(context: Context, feature: Feature) -> None:
         switch_config(context.feature_config)
         restart_container("lightspeed-stack")
 
-    if "TLS" in feature.tags:
-        mode_dir = "library-mode" if context.is_library_mode else "server-mode"
-        context.feature_config = (
-            f"tests/e2e/configuration/{mode_dir}/lightspeed-stack-tls.yaml"
-        )
-        context.default_config_backup = create_config_backup("lightspeed-stack.yaml")
-        switch_config(context.feature_config)
-
 
 def after_feature(context: Context, feature: Feature) -> None:
     """Run after each feature file is exercised.
@@ -560,12 +552,14 @@ def after_feature(context: Context, feature: Feature) -> None:
         restart_container("lightspeed-stack")
         remove_config_backup(context.default_config_backup)
 
-    if "TLS" in feature.tags:
+    # Restore Lightspeed Stack config if TLS Background step switched it
+    if getattr(context, "tls_config_active", False):
         switch_config(context.default_config_backup)
         remove_config_backup(context.default_config_backup)
         if not context.is_library_mode:
             restart_container("llama-stack")
         restart_container("lightspeed-stack")
+        context.tls_config_active = False
 
     # Clean up any proxy servers left from the last scenario
     if hasattr(context, "tunnel_proxy") or hasattr(context, "interception_proxy"):
diff --git a/tests/e2e/features/steps/tls.py b/tests/e2e/features/steps/tls.py
@@ -16,10 +16,18 @@
 from behave import given  # pyright: ignore[reportAttributeAccessIssue]
 from behave.runner import Context
 
+from tests.e2e.utils.utils import (
+    create_config_backup,
+    restart_container,
+    switch_config,
+)
+
 # Llama Stack config — mounted into the container from the host
 _LLAMA_STACK_CONFIG = "run.yaml"
 _LLAMA_STACK_CONFIG_BACKUP = "run.yaml.tls-backup"
 
+_LIGHTSPEED_STACK_CONFIG = "lightspeed-stack.yaml"
+
 
 def _load_llama_config() -> dict:
     """Load the base Llama Stack run config.
@@ -97,10 +105,48 @@ def _backup_llama_config() -> None:
         shutil.copy(_LLAMA_STACK_CONFIG, _LLAMA_STACK_CONFIG_BACKUP)
 
 
+def _prepare_tls_provider() -> tuple[dict, dict]:
+    """Back up run.yaml, load it, ensure the TLS provider exists, and init network config.
+
+    Returns:
+        A tuple of (full config dict, provider's network config dict).
+    """
+    _backup_llama_config()
+    config = _load_llama_config()
+    provider = _ensure_tls_provider(config)
+    provider.setdefault("config", {}).setdefault("network", {})
+    return config, provider
+
+
+# --- Background Steps ---
+# Restart steps ("The original Llama Stack config is restored if modified",
+# "Llama Stack is restarted", "Lightspeed Stack is restarted") are defined in
+# proxy.py and shared across features by behave.
+
+
+@given("Lightspeed Stack is configured for TLS testing")
+def configure_lightspeed_for_tls(context: Context) -> None:
+    """Switch lightspeed-stack.yaml to the TLS test configuration.
+
+    Backs up the current config and switches to the TLS variant that sets
+    default_provider to tls-openai and default_model to mock-tls-model.
+    The backup is restored in after_scenario via the shared restore step.
+
+    Parameters:
+        context: Behave test context.
+    """
+    mode_dir = "library-mode" if context.is_library_mode else "server-mode"
+    tls_config = f"tests/e2e/configuration/{mode_dir}/lightspeed-stack-tls.yaml"
+
+    if not hasattr(context, "default_config_backup"):
+        context.default_config_backup = create_config_backup(_LIGHTSPEED_STACK_CONFIG)
+
+    switch_config(tls_config)
+    restart_container("lightspeed-stack")
+    context.tls_config_active = True
+
+
 # --- TLS Configuration Steps ---
-# Background/restart steps ("The original Llama Stack config is restored if
-# modified", "Llama Stack is restarted", "Lightspeed Stack is restarted") are
-# defined in proxy.py and shared across features by behave.
 
 
 @given("Llama Stack is configured with TLS verification disabled")
@@ -110,15 +156,7 @@ def configure_tls_verify_false(context: Context) -> None:
     Parameters:
         context: Behave test context.
     """
-    _backup_llama_config()
-    config = _load_llama_config()
-    provider = _ensure_tls_provider(config)
-
-    if "config" not in provider:
-        provider["config"] = {}
-    if "network" not in provider["config"]:
-        provider["config"]["network"] = {}
-
+    config, provider = _prepare_tls_provider()
     provider["config"]["network"]["tls"] = {"verify": False}
     _write_config(config, _LLAMA_STACK_CONFIG)
 
@@ -130,15 +168,7 @@ def configure_tls_verify_ca(context: Context) -> None:
     Parameters:
         context: Behave test context.
     """
-    _backup_llama_config()
-    config = _load_llama_config()
-    provider = _ensure_tls_provider(config)
-
-    if "config" not in provider:
-        provider["config"] = {}
-    if "network" not in provider["config"]:
-        provider["config"]["network"] = {}
-
+    config, provider = _prepare_tls_provider()
     provider["config"]["network"]["tls"] = {
         "verify": "/certs/ca.crt",
         "min_version": "TLSv1.2",
@@ -155,15 +185,7 @@ def configure_tls_verify_true(context: Context) -> None:
     Parameters:
         context: Behave test context.
     """
-    _backup_llama_config()
-    config = _load_llama_config()
-    provider = _ensure_tls_provider(config)
-
-    if "config" not in provider:
-        provider["config"] = {}
-    if "network" not in provider["config"]:
-        provider["config"]["network"] = {}
-
+    config, provider = _prepare_tls_provider()
     provider["config"]["network"]["tls"] = {"verify": True}
     _write_config(config, _LLAMA_STACK_CONFIG)
 
@@ -175,14 +197,7 @@ def configure_tls_mtls(context: Context) -> None:
     Parameters:
         context: Behave test context.
     """
-    _backup_llama_config()
-    config = _load_llama_config()
-    provider = _ensure_tls_provider(config)
-
-    if "config" not in provider:
-        provider["config"] = {}
-    if "network" not in provider["config"]:
-        provider["config"]["network"] = {}
+    config, provider = _prepare_tls_provider()
 
     # Update base_url to use the mTLS server port
     provider["config"]["base_url"] = "https://mock-tls-inference:8444/v1"
@@ -203,15 +218,7 @@ def configure_tls_min_version(context: Context, version: str) -> None:
         context: Behave test context.
         version: The TLS version (e.g., "TLSv1.2", "TLSv1.3").
     """
-    _backup_llama_config()
-    config = _load_llama_config()
-    provider = _ensure_tls_provider(config)
-
-    if "config" not in provider:
-        provider["config"] = {}
-    if "network" not in provider["config"]:
-        provider["config"]["network"] = {}
-
+    config, provider = _prepare_tls_provider()
     provider["config"]["network"]["tls"] = {
         "verify": "/certs/ca.crt",
         "min_version": version,
diff --git a/tests/e2e/features/tls.feature b/tests/e2e/features/tls.feature
@@ -1,12 +1,11 @@
-@skip-in-library-mode
-@TLS
 Feature: TLS configuration for remote inference providers
   Validate that Llama Stack's NetworkConfig.tls settings are applied correctly
   when connecting to a remote inference provider over HTTPS.
 
   Background:
     Given The service is started locally
       And REST API service prefix is /v1
+      And Lightspeed Stack is configured for TLS testing
       And The original Llama Stack config is restored if modified
 
   Scenario: Inference succeeds with TLS verification disabled
